What is the difference between a quality gate and a quality profile in SonarQube? [Basic]
Answer
A quality gate defines whether a project passes or fails based on metrics. A quality profile defines which analysis rules are enabled for a language. The profile decides what issues can be raised; the gate decides whether the result is acceptable.
Technical explanation
Quality profiles are rule sets, such as Java rules for security, reliability, and maintainability.
Quality gates are governance thresholds, such as no new blocker issues or new-code coverage above 80 percent.
A team can tune profiles per language while keeping a common enterprise gate for consistent release standards.
Hands-on example
Example: the Java quality profile enables rules for SQL injection and insecure random usage. The quality gate then fails the PR if any new vulnerability is found or if new-code coverage drops below the agreed threshold.
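To make the split concrete, here is a small model of it written for this answer (it is not SonarQube's own code): the profile filters which findings become issues, and only then does the gate compare the resulting new-code metrics against thresholds. The findings are constructed, the rule keys are assumed for illustration, and the comparator/metric-key vocabulary follows SonarQube's api/qualitygates/project_status response.

```python
# Toy model of the profile/gate split, written for this page (not SonarQube code).
# Profile: which rules may raise issues. Gate: thresholds on the resulting metrics.

# Constructed findings an analyzer might report on a PR. Rule keys are assumed
# for illustration; check them against your own SonarQube server.
RAW_FINDINGS = [
    {"rule": "java:S3649", "type": "VULNERABILITY", "severity": "BLOCKER"},   # SQL injection
    {"rule": "java:S2245", "type": "VULNERABILITY", "severity": "CRITICAL"},  # insecure random
    {"rule": "java:S1118", "type": "CODE_SMELL", "severity": "MINOR"},        # utility class ctor
]

# Gate conditions as (metric key, comparator, threshold): GT fails when the
# actual value exceeds the threshold, LT fails when it falls below it.
ENTERPRISE_GATE = [
    ("new_vulnerabilities", "GT", 0),
    ("new_blocker_violations", "GT", 0),
    ("new_coverage", "LT", 80),
]

def apply_profile(findings, enabled_rules):
    """The profile decides which findings become issues at all."""
    return [f for f in findings if f["rule"] in enabled_rules]

def compute_metrics(issues, new_coverage):
    """Derive the new-code metrics the gate is evaluated against."""
    return {
        "new_vulnerabilities": sum(i["type"] == "VULNERABILITY" for i in issues),
        "new_blocker_violations": sum(i["severity"] == "BLOCKER" for i in issues),
        "new_coverage": new_coverage,
    }

def evaluate_gate(metrics, conditions):
    """Return (status, failed metric keys), like api/qualitygates/project_status."""
    failed = [m for m, cmp, t in conditions
              if (cmp == "GT" and metrics[m] > t) or (cmp == "LT" and metrics[m] < t)]
    return ("ERROR" if failed else "OK"), failed

def run(enabled_rules, new_coverage):
    """Analyze RAW_FINDINGS under a profile, then apply the enterprise gate."""
    issues = apply_profile(RAW_FINDINGS, enabled_rules)
    return evaluate_gate(compute_metrics(issues, new_coverage), ENTERPRISE_GATE)

if __name__ == "__main__":
    # Full profile: both vulnerabilities are raised, so the common gate fails.
    print(run({"java:S3649", "java:S2245", "java:S1118"}, 85.0))
    # Profile without security rules: same code, same gate, yet it passes,
    # because findings the profile never raised are invisible to the gate.
    print(run({"java:S1118"}, 85.0))
    # Full profile but low new-code coverage: fails on coverage as well.
    print(run({"java:S3649", "java:S2245", "java:S1118"}, 65.0))
```

The second case is the practical caveat: a shared enterprise gate only enforces what the language profile actually raises, so weakening a profile silently weakens the gate.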